Embodiments of the invention are directed to systems and methods related to utilizing trust tokens to conduct secure message exchanges.
The Internet has made it increasingly easy for users to conduct electronic transactions using computing devices (e.g., mobile phones, tablet computers). However, it has also increased the risks of fraudulent transactions, as well as the risk of data being compromised. Specifically, conventional systems may be susceptible to relay/replay attacks and man-in-the-middle (MITM) attacks. During such attacks, an attacker secretly intercepts, relays, and possibly alters communication between two parties who believe they are directly communicating with each other.
To secure against such attacks, some conventional systems require validation for exchanged messages. Some systems require an exchange of public keys in addition to the message being transmitted over a secure channel. In some systems, tokens may be provided to a device and transactions conducted with the token are verified by a server computer. However, these exchanges may also be susceptible to relay, replay, and MITM attacks in which an attacker may intercept, and in some cases change, message data. Thus, there is a need for an attack recognition mechanism that can address these problems, preferably without substantially changing existing infrastructures.
Embodiments of the invention address these and other problems, individually and collectively.